CVE-2023-32448

PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains License Key Stored in Cleartext vulnerability. A local user with access to the installation directory can retrieve the license key of the product and use it to install and license PowerPath on different systems.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000214248/dsa-2023-154-powerpath-windows-security-update-for-security-update-for-multiple-vulnerabilities	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:dell:powerpath:7.0:::::windows::
	cpe:2.3:a:dell:powerpath:7.1:::::windows::
	cpe:2.3:a:dell:powerpath:7.2:::::windows::

History

No history.

Information

Published : 2023-05-30 16:15

Updated : 2023-06-06 14:22

NVD link : CVE-2023-32448

Mitre link : CVE-2023-32448

CVE.ORG link : CVE-2023-32448

JSON object : View

Products Affected

dell

powerpath

CWE

CWE-312

Cleartext Storage of Sensitive Information

{"id": "CVE-2023-32448", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2023-05-30T16:15:09.937", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000214248/dsa-2023-154-powerpath-windows-security-update-for-security-update-for-multiple-vulnerabilities", "tags": ["Patch", "Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-312"}]}], "descriptions": [{"lang": "en", "value": "\nPowerPath for Windows, versions 7.0, 7.1 & 7.2 contains License Key Stored in Cleartext vulnerability. A local user with access to the installation directory can retrieve the license key of the product and use it to install and license PowerPath on different systems.\n\n"}], "lastModified": "2023-06-06T14:22:51.167", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:powerpath:7.0:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "381F7BE1-3FD4-48C4-9A80-687C2BBFA7AD"}, {"criteria": "cpe:2.3:a:dell:powerpath:7.1:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "2877B661-722E-46EB-B396-024B7B7D2A02"}, {"criteria": "cpe:2.3:a:dell:powerpath:7.2:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "41D40F07-86F1-4466-90CE-13CE744A0BCB"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}